Critical Vulnerabilities in SimpleHelp Remote Support Software
A recent security audit of SimpleHelp revealed three critical vulnerabilities that could compromise both the server and client machines. These vulnerabilities include unauthenticated path traversal, arbitrary file upload leading to remote code execution, and privilege escalation from technician to admin. SimpleHelp has since patched these vulnerabilities, and users are urged to upgrade to the latest versions.…
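The path-traversal class of bug described above is worth seeing as a concrete check. The following is an added example, not SimpleHelp's code or anything from its advisory: a file-serving handler that URL-decodes the requested name, resolves it under a fixed base directory, and refuses anything whose resolved location escapes that directory (the base path and the sample requests are constructed for illustration).

```python
"""Added example: rejecting path traversal when serving files under a base directory.

Hypothetical handler, not code from SimpleHelp. The check resolves the
candidate path (following symlinks and collapsing '..') and then verifies
the result is still inside the base directory.
"""
from pathlib import Path
from urllib.parse import unquote


def resolve_under_base(base_dir: str, requested: str) -> Path:
    """Return the absolute path for `requested` inside `base_dir`.

    Raises PermissionError if the resolved path is not under base_dir.
    """
    base = Path(base_dir).resolve()
    # Decode once so '..%2F' is judged on its decoded form, not its literal bytes.
    decoded = unquote(requested)
    # Drop a leading slash so an absolute request cannot replace the base.
    candidate = (base / decoded.lstrip("/\\")).resolve()
    # resolve() follows symlinks, so a link inside base that points outside
    # also fails this test.
    if candidate != base and base not in candidate.parents:
        raise PermissionError(f"path escapes base directory: {requested!r}")
    return candidate


def is_safe(base_dir: str, requested: str) -> bool:
    """Boolean wrapper around resolve_under_base for use in request handling."""
    try:
        resolve_under_base(base_dir, requested)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    # Constructed sample requests against a hypothetical base directory.
    base = "/srv/files"
    for req in ("reports/q1.txt", "../../etc/passwd", "..%2F..%2Fetc%2Fpasswd", "/etc/passwd"):
        print(f"{req!r:32} -> {'allow' if is_safe(base, req) else 'deny'}")
```

Note that "/etc/passwd" is allowed here only because the leading slash is stripped and it is then served as `<base>/etc/passwd`; if your handler should not accept absolute-looking names at all, reject them before the join. Decode the request exactly once: decoding twice would let "%252e%252e" become ".." after the check has already run.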
Infostealer Infections Lead to Telefonica Ticketing System Breach
Summary: An information-stealer malware infection compromised the credentials of multiple Telefonica employees, allowing threat actors to access the company's internal ticketing system and steal sensitive data. The Hellcat ransomware group claimed responsibility for the breach, which combined social engineering with custom malware.

Threat Actor: Hellcat ransomware group. Victim: Telefonica.

Key Point: Attackers used custom infostealer malware to compromise the credentials of over 15 employees.…
Microsoft: macOS bug lets hackers install malicious kernel drivers
Summary: Apple has patched a macOS vulnerability (CVE-2024-44243) that allowed local attackers with root privileges to bypass System Integrity Protection (SIP) and load malicious kernel drivers (kernel extensions). Because SIP is what keeps even root from altering protected system locations, a bypass opens the door to rootkits and unauthorized access to user data.

Threat Actor: Local attackers. Victim: macOS users.

Key Point: The vulnerability allows bypassing SIP without physical access to the device.…
Critical macOS Sandbox Vulnerability PoC Exploit Released Online
Summary: A proof-of-concept exploit for the macOS vulnerability CVE-2024-54498 has been released, enabling a malicious application to escape the macOS App Sandbox. This exposes sensitive user data and system resources that the sandbox is meant to isolate.

Threat Actor: Malicious actors. Victim: macOS users.

Key Point: CVE-2024-54498 has a CVSS score of 8.8, indicating high severity.…
This article provides an overview of significant cybersecurity incidents and vulnerabilities reported recently, including outages, data breaches, and exploits targeting various platforms. Affected: Proton Mail, Ivanti VPN, Banshee, BayMark Health Services, Medusind, MirrorFace, STIIIZY, Samsung, GFI KerioControl, Mitel MiCollab, CrowdStrike, Akamai, Casio.

Key Points: Proton Mail experienced a worldwide outage due to a surge in database connections during an infrastructure migration.…
RST TI Report Digest: January 13, 2025
This week's threat intelligence report from RST Cloud highlights significant cyber threats from various actors, including the Chinese state-sponsored group RedDelta targeting Mongolia, Taiwan, and Southeast Asia, as well as the emergence of new malware such as Banshee and the Gayfemboy botnet. The report summarizes key findings from 29 threat intelligence reports, details the tactics, techniques, and procedures (TTPs) used in these attacks, and includes numerous indicators of compromise (IoCs).…
Recruitment Scam Targets Job Seekers with Fake CrowdStrike Branding
Summary: A phishing campaign has been uncovered that impersonates CrowdStrike's recruitment branding to distribute a cryptominer disguised as a "CRM application." Victims are tricked into downloading malware that consumes their system resources for cryptocurrency mining.

Threat Actor: Unknown. Victim: Job seekers.

Key Point: The phishing email mimics CrowdStrike's recruitment process to lure victims.…
Docker Desktop blocked on Macs due to false malware alert
Summary: Docker Desktop users on macOS are unable to start the application because of false malware warnings caused by an incorrect code-signing certificate on some of its files. Docker has acknowledged the problem and published workarounds.

Threat Actor: None (false-positive malware alert, not an attack). Victim: Docker Desktop users on macOS.

Key Point: The false malware alerts began on January 7, 2025, preventing users from opening Docker Desktop.…
Weekly Cybersecurity News Roundup
Summary: This week's cybersecurity news roundup highlights significant developments, including vulnerabilities, data breaches, and geopolitical implications involving major companies and organizations.

Threat Actor: Natohub, Silk Typhoon. Victim: International Civil Aviation Organization, Bank of America, Green Bay Packers.

Key Point: The US Defense Department has linked Tencent and CATL to the Chinese military.…
Banshee macOS Malware Expands Targeting
Summary: The Banshee macOS information stealer has been updated to target systems configured for the Russian language, expanding its reach, according to cybersecurity firm Check Point. First seen in mid-2024, the malware remains a threat despite the leak of its source code.

Threat Actor: Russian developers. Victim: macOS users.

Key Point: Banshee can collect sensitive data including passwords, system information, and cryptocurrency wallet details.…
The Feed 2025-01-10
Check Point Research has identified a new version of the Banshee macOS stealer malware, which has been evading detection since September 2024. The malware targets macOS users, stealing sensitive information, and uses a string-encryption algorithm similar to the one in Apple's XProtect. Despite the shutdown of its original operation after a code leak, Banshee continues to be distributed through phishing websites and malicious GitHub repositories.…
Fake CrowdStrike job offer emails target devs with crypto miners
Summary: CrowdStrike has identified a phishing campaign that impersonates the company, targeting job seekers with fake job offer emails to distribute a Monero cryptocurrency miner. The campaign tricks victims into downloading a malicious application disguised as an employee CRM tool.

Threat Actor: Unknown. Victim: Job seekers.

Key Point: The phishing emails impersonate CrowdStrike, thanking candidates for applying for a developer position.…
Microsoft fixes OneDrive bug causing macOS app freezes
Summary: Microsoft has resolved an issue that caused macOS applications to freeze when opening or saving files in OneDrive, specifically on macOS 15 Sequoia. Users are advised to update to macOS 15.2 or follow a temporary workaround until they can upgrade.

Threat Actor: None (software defect, not an attack). Victim: OneDrive users on macOS.

Key Point: The issue affects macOS 15 Sequoia users when opening or saving files in OneDrive.…
Banshee stealer evades detection using Apple XProtect encryption algo
Summary: A new variant of the Banshee info-stealing malware for macOS has been evading detection by using string-encryption techniques similar to those used by Apple's XProtect. The malware, which targets sensitive data on macOS systems, has continued to spread through deceptive distribution methods despite the original operation shutting down after its source code leaked.…
New Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption
Summary: A new variant of the macOS-focused Banshee Stealer malware has emerged, using string encryption to evade detection and posing a significant threat to macOS users worldwide. This iteration, seen since late September 2024, is distributed through phishing websites and fake software repositories.…
GFI KerioControl Firewall Vulnerability Exploited for One-Click RCE
Summary: Threat actors are exploiting a recently disclosed vulnerability in GFI KerioControl firewalls that allows one-click remote code execution (RCE) via HTTP response splitting. The flaw, tracked as CVE-2024-52875, is rated high severity because of its potential impact on network security.

Threat Actor: Unknown. Victim: GFI KerioControl users.

Key Point: The vulnerability lets attackers perform HTTP response splitting, which leads to reflected cross-site scripting (XSS) and, from there, RCE.…
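HTTP response splitting is the mechanism behind the KerioControl item above, and it is small enough to show end to end. The following is an added example, not GFI's code and not the actual CVE-2024-52875 exploit: a hypothetical redirect handler that copies a request parameter into a Location header, the constructed attacker value that uses a CRLF to terminate that header and inject its own headers and body, and the hardened version that rejects control characters in header values.

```python
"""Added example: HTTP response splitting via an unvalidated header value.

Hypothetical handler, not KerioControl's code. build_redirect_vulnerable
concatenates a parameter into the header block; a CR/LF in that parameter
ends the Location header early and lets the attacker write the rest of the
response. build_redirect_hardened refuses such values.
"""

CRLF = "\r\n"


def build_redirect_vulnerable(dest: str) -> str:
    """Build a 302 response whose Location comes straight from the request."""
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + dest + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    )


def build_redirect_hardened(dest: str) -> str:
    """Same response, but header values may not contain CR, LF or NUL."""
    if any(ch in dest for ch in "\r\n\0"):
        raise ValueError("control character in header value")
    return build_redirect_vulnerable(dest)


def parse_response(raw: str):
    """Split a raw response into (status line, headers dict, body).

    Mirrors how a client finds the end of the header block: the first
    blank line. Everything after it is body, whoever wrote it.
    """
    head, _, body = raw.partition(CRLF + CRLF)
    lines = head.split(CRLF)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


# Constructed attacker-controlled parameter: closes the Location header,
# supplies its own Content-Length, then a blank line and an HTML body.
SPLIT_PAYLOAD = (
    "/" + CRLF
    + "Content-Type: text/html" + CRLF
    + "Content-Length: 38" + CRLF
    + CRLF
    + "<script>alert(document.domain)</script>"
)


def body_is_attacker_controlled(dest: str) -> bool:
    """True if the body of the vulnerable response starts with the injected HTML."""
    _, _, body = parse_response(build_redirect_vulnerable(dest))
    return body.startswith("<script>")


if __name__ == "__main__":
    status, headers, body = parse_response(build_redirect_vulnerable(SPLIT_PAYLOAD))
    print(status, headers)
    print("body:", body[:40])
    try:
        build_redirect_hardened(SPLIT_PAYLOAD)
    except ValueError as exc:
        print("hardened handler rejected it:", exc)
```

In the vulnerable output the injected `Content-Type` and `Content-Length` are parsed as real headers and the `<script>` tag becomes the response body, which is the reflected XSS the summary describes. The fix is not output encoding but refusing CR/LF in anything that reaches a header; Python's own `http.client.putheader` raises `ValueError` for exactly this reason, and a server that builds headers by string concatenation has to add the same check itself.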
The Feed 2025-01-09
This article explores several current threats: voice phishing by the "Crypto Chameleon" group, exploitation of vulnerabilities in Kerio Control and Ivanti Connect Secure VPN, and North Korean hackers targeting cryptocurrency wallets through fake job interviews. It also highlights the growing use of ransomware by state-sponsored APT groups.…
Chrome 131, Firefox 134 Updates Patch High-Severity Vulnerabilities
Summary: Google and Mozilla have released security updates for their browsers, addressing several high-severity vulnerabilities, including type confusion flaws and memory safety bugs. Users are urged to update promptly.

Threat Actor: Unknown. Victim: Browser users.

Key Point: Google's Chrome 131 update fixes four security defects, including a high-severity type confusion flaw in the V8 JavaScript engine.…